From: Andreas Steffen
Date: Tue, 23 Oct 2018 16:55:16 +0000 (+0200)
Subject: libtpmtss: Generalize AIK keys to signature keys
X-Git-Tag: 5.7.2dr1~9^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3150bd2b819616d53d143dcfe865b63496130237;p=thirdparty%2Fstrongswan.git
libtpmtss: Generalize AIK keys to signature keys
---
diff --git a/src/libtpmtss/tpm_tss_tss2_v1.c b/src/libtpmtss/tpm_tss_tss2_v1.c
index a7b1344bd7..f904442ede 100644
--- a/src/libtpmtss/tpm_tss_tss2_v1.c
+++ b/src/libtpmtss/tpm_tss_tss2_v1.c
@@ -421,7 +421,7 @@ METHOD(tpm_tss_t, get_version_info, chunk_t,
 }
 /**
- * read the public key portion of a TSS 2.0 AIK key from NVRAM
+ * read the public key portion of a TSS 2.0 key from NVRAM
 */
 bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, TPM2B_PUBLIC *public)
@@ -471,9 +471,9 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 }
 aik_blob = chunk_create((u_char*)&public, sizeof(public));
- DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob);
+ DBG3(DBG_LIB, "%s public key blob: %B", LABEL, &aik_blob);
- /* convert TSS 2.0 AIK public key blot into PKCS#1 format */
+ /* convert TSS 2.0 public key blot into PKCS#1 format */
 switch (public.t.publicArea.type)
 {
 case TPM_ALG_RSA:
@@ -490,12 +490,12 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
 aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
- /* subjectPublicKeyInfo encoding of AIK RSA key */
+ /* subjectPublicKeyInfo encoding of RSA public key */
 if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
 {
- DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key "
+ DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of public key "
 "failed", LABEL);
 return chunk_empty;
 }
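Review bot: The reworded comment above the `switch` in get_public (hunk at 471) still reads `blot` and still names PKCS#1, although both branches below it build a subjectPublicKeyInfo; `/* convert TSS 2.0 public key blob into subjectPublicKeyInfo format */` would match the code. The locals `aik_blob`, `aik_modulus`, `aik_exponent` and `aik_pubkey` also keep the AIK prefix that this commit removes from every message, so the next reader may still assume the function is AIK-only; renaming them (for example to `pubkey_blob`, `modulus`, `exponent`, `pubkey`) would finish the generalization. The same comment and names appear in the tpm_tss_tss2_v2.c hunk at 425. The body of get_public starts and ends outside the hunk.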
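Review bot: The RSA branch in the hunk at 490 still hard-codes the public exponent, `aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);`, which was a reasonable assumption for AIKs but is not guaranteed for an arbitrary signature key. A TPM 2.0 RSA public area carries its own exponent field, where 0 stands for the default 65537; for a key created with a different exponent, the subjectPublicKeyInfo built here would describe a key the TPM does not hold, and verification and key-identifier matching would fail without any hint in the log. Either encode the value from the public area when it is non-zero, or reject such keys explicitly, e.g. `if (public.t.publicArea.parameters.rsaDetail.exponent != 0) { DBG1(DBG_PTS, "%s unsupported RSA public exponent", LABEL); return chunk_empty; }`. The same line is in the tpm_tss_tss2_v2.c hunk at 444 (there without the `.t` member); the start of the case block is outside the hunk, so a check may already exist there.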
@@ -526,7 +526,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 pos += ecc->x.t.size;
 /* copy y coordinate of ECC point */
 memcpy(pos, ecc->y.t.buffer, ecc->y.t.size);
- /* subjectPublicKeyInfo encoding of AIK ECC key */
+ /* subjectPublicKeyInfo encoding of ECC public key */
 aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_EC_PUBLICKEY),
@@ -536,10 +536,10 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 break;
 }
 default:
- DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ DBG1(DBG_PTS, "%s unsupported key type", LABEL);
 return chunk_empty;
 }
- DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash",
+ DBG1(DBG_PTS, "signature algorithm is %N with %N hash",
 tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
 return aik_pubkey;
 }
@@ -624,7 +624,7 @@ METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
 break;
 }
 default:
- DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ DBG1(DBG_PTS, "%s unsupported key type", LABEL);
 return enumerator_create_empty();
 }
 return enumerator_create_single(signature_params_clone(&supported_scheme),
diff --git a/src/libtpmtss/tpm_tss_tss2_v2.c b/src/libtpmtss/tpm_tss_tss2_v2.c
index eb80a0e3b0..6bbbce238f 100644
--- a/src/libtpmtss/tpm_tss_tss2_v2.c
+++ b/src/libtpmtss/tpm_tss_tss2_v2.c
@@ -381,7 +381,7 @@ METHOD(tpm_tss_t, get_version_info, chunk_t,
 }
 /**
- * read the public key portion of a TSS 2.0 AIK key from NVRAM
+ * read the public key portion of a TSS 2.0 key from NVRAM
 */
 bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, TPM2B_PUBLIC *public)
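Review bot: The closing DBG1 of get_public (hunk at 536) is the only message touched here that lacks the `%s`/LABEL prefix, and with `AIK` removed it no longer says where the line comes from or which key it describes. Writing it as `DBG1(DBG_PTS, "%s signature algorithm is %N with %N hash", LABEL,` would bring it in line with the other messages in these hunks. If the key handle is in scope at that point, which the hunk does not show, adding it to the message would let an operator tell several TPM keys apart in the log. The same line is in the tpm_tss_tss2_v2.c hunk at 490.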
@@ -425,9 +425,9 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 }
 aik_blob = chunk_create((u_char*)&public, sizeof(public));
- DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob);
+ DBG3(DBG_LIB, "%s public key blob: %B", LABEL, &aik_blob);
- /* convert TSS 2.0 AIK public key blot into PKCS#1 format */
+ /* convert TSS 2.0 public key blot into PKCS#1 format */
 switch (public.publicArea.type)
 {
 case TPM2_ALG_RSA:
@@ -444,12 +444,12 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 aik_modulus = chunk_create(rsa->buffer, rsa->size);
 aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
- /* subjectPublicKeyInfo encoding of AIK RSA key */
+ /* subjectPublicKeyInfo encoding of RSA public key */
 if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
 {
- DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key "
+ DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of public key "
 "failed", LABEL);
 return chunk_empty;
 }
@@ -480,7 +480,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 pos += ecc->x.size;
 /* copy y coordinate of ECC point */
 memcpy(pos, ecc->y.buffer, ecc->y.size);
- /* subjectPublicKeyInfo encoding of AIK ECC key */
+ /* subjectPublicKeyInfo encoding of ECC public key */
 aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_EC_PUBLICKEY),
@@ -490,10 +490,10 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 break;
 }
 default:
- DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ DBG1(DBG_PTS, "%s unsupported key type", LABEL);
 return chunk_empty;
 }
- DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash",
+ DBG1(DBG_PTS, "signature algorithm is %N with %N hash",
 tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
 return aik_pubkey;
 }
@@ -578,7 +578,7 @@ METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
 break;
 }
 default:
- DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ DBG1(DBG_PTS, "%s unsupported key type", LABEL);
 return enumerator_create_empty();
 }
 return enumerator_create_single(signature_params_clone(&supported_scheme),